puppet 7.25.0-x86-mingw32 → 7.27.0-x86-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 501c8aa0e26d1526a466a04e90c09ac987a2d0fd7b546eaa51a4e0e49570413e
-  data.tar.gz: e40ee61974f8f663f5b0323afc43bd3af34379ea36b1fb5bb5d281ee3ec5ecaf
+  metadata.gz: c0d7b1946af6af0695c0c3079cdafb6f05b5cc4a8f9325e707d9043eeabc4f00
+  data.tar.gz: 682f12641fdef56f5a9966bd9ceb3ef5c4040b8fbc78cb2047b95b6f1e9d4249
 SHA512:
-  metadata.gz: 43c66221eff33d41a007e8e67136452d640490614711a9a4a34ff425a7fbf4e3ac322d15912dafa9e45aaa9a1967b787ad16104ff7eedb4c72b4734add9805ec
-  data.tar.gz: 46263dbea786c3cc662a16a030a623d037dfaf4da1fde47cb55e1fec7960f8272c79ea3cda1e7cee16e77f776e64c36296f06e092356e1975b5706dbae094be6
+  metadata.gz: 5d4e6784e852cd9d6bd775176c213b5c61079995e22add1fa410a1b3d313381db09df84fee8b3dc4addd5c7a1567c62f3156e0bb929891022eaf710f632aae58
+  data.tar.gz: 5babca90f6a026d264cc36c681b5a7de11955801b52ca25f64185106c8997429546caa3c66a906a177c3ec32261e303ab382f6bcc35b545f37a0e32bc7089c51

data/Gemfile

@@ -35,7 +35,7 @@ group(:features) do
 end
 
 group(:test) do
-  gem "ffi", require: false
+  gem "ffi", '1.15.5', require: false
   gem "json-schema", "~> 2.0", require: false
   gem "rake", *location_for(ENV['RAKE_LOCATION'] || '~> 13.0')
   gem "rspec", "~> 3.1", require: false

data/Gemfile.lock

@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/puppetlabs/packaging
-  revision: 87a3396077f06e2341ad19e6fcd15f7c14ec02f9
+  revision: 8adf33f59cc443c311c5d5d70c6ba2084625ceea
   branch: 1.0.x
   specs:
     packaging (0)
@@ -15,7 +15,7 @@ GIT
 PATH
   remote: .
   specs:
-    puppet (7.25.0)
+    puppet (7.27.0)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
@@ -31,27 +31,29 @@ GEM
   remote: https://artifactory.delivery.puppetlabs.net/artifactory/api/gems/rubygems/
   specs:
     CFPropertyList (2.3.6)
-    addressable (2.8.4)
+    addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
     apt_stage_artifacts (0.11.0)
       docopt
     artifactory (3.0.15)
     ast (2.4.2)
+    base64 (0.1.1)
     coderay (1.1.3)
     concurrent-ruby (1.2.2)
     crack (0.4.5)
       rexml
-    csv (3.2.6)
+    csv (3.2.7)
     declarative (0.0.20)
     deep_merge (1.2.2)
     diff-lcs (1.5.0)
-    digest-crc (0.6.4)
+    digest-crc (0.6.5)
       rake (>= 12.0.0, < 14.0.0)
     docopt (0.6.1)
-    facter (4.4.0)
+    facter (4.5.0)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
-    faraday (2.7.6)
+    faraday (2.7.11)
+      base64
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (3.0.2)
@@ -64,7 +66,7 @@ GEM
       fast_gettext (~> 1.1.0)
       gettext (>= 3.0.2, < 3.3.0)
       locale
-    google-apis-core (0.11.0)
+    google-apis-core (0.11.1)
       addressable (~> 2.5, >= 2.5.1)
       googleauth (>= 0.16.2, < 2.a)
       httpclient (>= 2.8.1, < 3.a)
@@ -91,10 +93,9 @@ GEM
       google-cloud-core (~> 1.6)
       googleauth (>= 0.16.2, < 2.a)
       mini_mime (~> 1.0)
-    googleauth (1.5.2)
+    googleauth (1.8.1)
       faraday (>= 0.17.3, < 3.a)
       jwt (>= 1.4, < 3.0)
-      memoist (~> 0.16)
       multi_json (~> 1.11)
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
@@ -111,34 +112,33 @@ GEM
       addressable (>= 2.4)
     jwt (2.7.1)
     locale (2.1.3)
-    memoist (0.16.2)
     memory_profiler (1.0.1)
     method_source (1.0.0)
-    mini_mime (1.1.2)
+    mini_mime (1.1.5)
     minitar (0.9)
-    msgpack (1.7.1)
+    msgpack (1.7.2)
     multi_json (1.15.0)
     mustache (1.1.1)
-    optimist (3.0.1)
+    optimist (3.1.0)
     os (1.1.4)
     parallel (1.23.0)
-    parser (3.2.2.3)
+    parser (3.2.2.4)
       ast (~> 2.4.1)
       racc
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (5.0.1)
-    puppet-resource_api (1.8.14)
+    public_suffix (5.0.3)
+    puppet-resource_api (1.9.0)
       hocon (>= 1.0)
     puppetserver-ca (2.6.0)
       facter (>= 2.0.1, < 5)
     racc (1.5.2)
     rainbow (3.1.1)
     rake (13.0.6)
-    rdiscount (2.2.7)
+    rdiscount (2.2.7.1)
     rdoc (6.3.3)
-    regexp_parser (2.8.1)
+    regexp_parser (2.8.2)
     release-metrics (1.1.0)
       csv
       docopt
@@ -147,7 +147,7 @@ GEM
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.2.5)
+    rexml (3.2.6)
     ronn (0.7.3)
       hpricot (>= 0.8.2)
       mustache (>= 0.7.0)
@@ -164,10 +164,10 @@ GEM
     rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.12.5)
+    rspec-mocks (3.12.6)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-support (3.12.0)
+    rspec-support (3.12.1)
     rubocop (1.28.0)
       parallel (~> 1.10)
       parser (>= 3.1.0.0)
@@ -186,18 +186,18 @@ GEM
     ruby2_keywords (0.0.5)
     scanf (1.0.0)
     semantic_puppet (1.1.0)
-    signet (0.17.0)
+    signet (0.18.0)
       addressable (~> 2.8)
       faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
     text (1.3.1)
-    thor (1.2.2)
+    thor (1.3.0)
     trailblazer-option (0.1.2)
     uber (0.1.0)
-    unicode-display_width (2.4.2)
+    unicode-display_width (2.5.0)
     vcr (5.1.0)
-    webmock (3.18.1)
+    webmock (3.19.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -209,7 +209,7 @@ PLATFORMS
 
 DEPENDENCIES
   diff-lcs (~> 1.3)
-  ffi
+  ffi (= 1.15.5)
   gettext-setup (~> 0.28)
   hiera-eyaml
   hocon (~> 1.0)
@@ -238,4 +238,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   2.4.12
+   2.4.20

data/ext/project_data.yaml

@@ -40,11 +40,11 @@ gem_platform_dependencies:
       CFPropertyList: '~> 2.2'
   x86-mingw32:
     gem_runtime_dependencies:
-      ffi: ['> 1.9.24', '< 2']
+      ffi: '1.15.5'
       minitar: '~> 0.9'
   x64-mingw32:
     gem_runtime_dependencies:
-      ffi: ['> 1.9.24', '< 2']
+      ffi: '1.15.5'
       minitar: '~> 0.9'
 bundle_platforms:
   universal-darwin: all

data/lib/puppet/application/ssl.rb

@@ -59,6 +59,11 @@ ACTIONS
   the CSR. Otherwise a new key pair will be generated. If a CSR has already
   been submitted with the given `certname`, then the operation will fail.
 
+* generate_request:
+  Generate a certificate signing request (CSR). If
+  a private and public key pair already exist, they will be used to generate
+  the CSR. Otherwise a new key pair will be generated.
+
 * download_cert:
   Download a certificate for this host. If the current private key matches
   the downloaded certificate, then the certificate will be saved and used
@@ -136,9 +141,21 @@ HELP
       unless cert
         raise Puppet::Error, _("The certificate for '%{name}' has not yet been signed") % { name: certname }
       end
+    when 'generate_request'
+      generate_request(certname)
     when 'verify'
       verify(certname)
     when 'clean'
+      possible_extra_args = command_line.args.drop(1)
+      unless possible_extra_args.empty?
+        raise Puppet::Error, _(<<END) % { args: possible_extra_args.join(' ')}
+Extra arguments detected: %{args}
+Did you mean to run:
+  puppetserver ca clean --certname <name>
+Or:
+  puppet ssl clean --target <name>
+END
+      end
       clean(certname)
     when 'bootstrap'
       if !Puppet::Util::Log.sendlevel?(:info)
@@ -162,13 +179,7 @@ HELP
   def submit_request(ssl_context)
     key = @cert_provider.load_private_key(Puppet[:certname])
     unless key
-      if Puppet[:key_type] == 'ec'
-        Puppet.info _("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: Puppet[:certname], curve: Puppet[:named_curve] }
-        key = OpenSSL::PKey::EC.generate(Puppet[:named_curve])
-      else
-        Puppet.info _("Creating a new SSL key for %{name}") % { name: Puppet[:certname] }
-        key = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
-      end
+      key = create_key(Puppet[:certname])
       @cert_provider.save_private_key(Puppet[:certname], key)
     end
 
@@ -187,6 +198,20 @@ HELP
     raise Puppet::Error.new(_("Failed to submit certificate request: %{message}") % { message: e.message }, e)
   end
 
+  def generate_request(certname)
+    key = @cert_provider.load_private_key(certname)
+    unless key
+      key = create_key(certname)
+      @cert_provider.save_private_key(certname, key)
+    end
+
+    csr = @cert_provider.create_request(certname, key)
+    @cert_provider.save_request(certname, csr)
+    Puppet.notice _("Generated certificate request in '%{path}'") % { path: @cert_provider.to_path(Puppet[:requestdir], certname) }
+  rescue => e
+    raise Puppet::Error.new(_("Failed to generate certificate request: %{message}") % { message: e.message }, e)
+  end
+
   def download_cert(ssl_context)
     key = @cert_provider.load_private_key(Puppet[:certname])
 
@@ -285,4 +310,14 @@ END
   def create_route(ssl_context)
     @session.route_to(:ca, ssl_context: ssl_context)
   end
+
+  def create_key(certname)
+    if Puppet[:key_type] == 'ec'
+      Puppet.info _("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: certname, curve: Puppet[:named_curve] }
+      OpenSSL::PKey::EC.generate(Puppet[:named_curve])
+    else
+      Puppet.info _("Creating a new SSL key for %{name}") % { name: certname }
+      OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
+    end
+  end
 end

data/lib/puppet/application.rb

@@ -503,8 +503,12 @@ class Application
     runtime_info = {
       'puppet_version' => Puppet.version,
       'ruby_version'   => RUBY_VERSION,
-      'run_mode'       => self.class.run_mode.name,
+      'run_mode'       => self.class.run_mode.name
     }
+    unless Puppet::Util::Platform.jruby_fips?
+      runtime_info['openssl_version'] = "'#{OpenSSL::OPENSSL_VERSION}'"
+      runtime_info['openssl_fips'] = OpenSSL::OPENSSL_FIPS
+    end
     runtime_info['default_encoding'] = Encoding.default_external
     runtime_info.merge!(extra_info) unless extra_info.nil?
 

data/lib/puppet/defaults.rb

@@ -3,11 +3,7 @@ require_relative '../puppet/util/platform'
 module Puppet
 
   def self.default_diffargs
-    if (Puppet.runtime[:facter].value(:kernel) == "AIX" && Puppet.runtime[:facter].value(:kernelmajversion) == "5300")
-      ""
-    else
-      "-u"
-    end
+    '-u'
   end
 
   def self.default_digest_algorithm

data/lib/puppet/functions/split.rb

@@ -35,6 +35,21 @@ Puppet::Functions.create_function(:split) do
     param 'Type[Regexp]', :pattern
   end
 
+  dispatch :split_String_sensitive do
+    param 'Sensitive[String]', :sensitive
+    param 'String', :pattern
+  end
+
+  dispatch :split_Regexp_sensitive do
+    param 'Sensitive[String]', :sensitive
+    param 'Regexp', :pattern
+  end
+
+  dispatch :split_RegexpType_sensitive do
+    param 'Sensitive[String]', :sensitive
+    param 'Type[Regexp]', :pattern
+  end
+
   def split_String(str, pattern)
     str.split(Regexp.compile(pattern))
   end
@@ -46,4 +61,16 @@ Puppet::Functions.create_function(:split) do
   def split_RegexpType(str, pattern)
     str.split(pattern.regexp)
   end
-end
+
+  def split_String_sensitive(sensitive, pattern)
+    Puppet::Pops::Types::PSensitiveType::Sensitive.new(split_String(sensitive.unwrap, pattern))
+  end
+
+  def split_Regexp_sensitive(sensitive, pattern)
+    Puppet::Pops::Types::PSensitiveType::Sensitive.new(split_Regexp(sensitive.unwrap, pattern))
+  end
+
+  def split_RegexpType_sensitive(sensitive, pattern)
+    Puppet::Pops::Types::PSensitiveType::Sensitive.new(split_RegexpType(sensitive.unwrap, pattern))
+  end
+end

data/lib/puppet/http/client.rb

@@ -367,6 +367,7 @@ class Puppet::HTTP::Client
         apply_auth(request, basic_auth) if redirects.zero?
 
         # don't call return within the `request` block
+        close_and_sleep = nil
         http.request(request) do |nethttp|
           response = Puppet::HTTP::ResponseNetHTTP.new(request.uri, nethttp)
           begin
@@ -380,12 +381,14 @@ class Puppet::HTTP::Client
               interval = @retry_after_handler.retry_after_interval(request, response, retries)
               retries += 1
               if interval
-                if http.started?
-                  Puppet.debug("Closing connection for #{Puppet::HTTP::Site.from_uri(request.uri)}")
-                  http.finish
+                close_and_sleep = proc do
+                  if http.started?
+                    Puppet.debug("Closing connection for #{Puppet::HTTP::Site.from_uri(request.uri)}")
+                    http.finish
+                  end
+                  Puppet.warning(_("Sleeping for %{interval} seconds before retrying the request") % { interval: interval })
+                  ::Kernel.sleep(interval)
                 end
-                Puppet.warning(_("Sleeping for %{interval} seconds before retrying the request") % { interval: interval })
-                ::Kernel.sleep(interval)
                 next
               end
             end
@@ -404,6 +407,10 @@ class Puppet::HTTP::Client
 
           done = true
         end
+      ensure
+        # If a server responded with a retry, make sure the connection is closed and then
+        # sleep the specified time.
+        close_and_sleep.call if close_and_sleep
       end
     end
 

data/lib/puppet/node/environment.rb

@@ -591,10 +591,12 @@ class Puppet::Node::Environment
       if file == NO_MANIFEST
         empty_parse_result
       elsif File.directory?(file)
-        parse_results = Puppet::FileSystem::PathPattern.absolute(File.join(file, '**/*.pp')).glob.sort.map do | file_to_parse |
-          parser.file = file_to_parse
-          parser.parse
-          end
+        # JRuby does not properly perform Dir.glob operations with wildcards, (see PUP-11788 and https://github.com/jruby/jruby/issues/7836).
+        # We sort the results because Dir.glob order is inconsistent in Ruby < 3 (see PUP-10115).
+        parse_results = Puppet::FileSystem::PathPattern.absolute(File.join(file, '**/*')).glob.select {|globbed_file| globbed_file.end_with?('.pp')}.sort.map do | file_to_parse |
+                          parser.file = file_to_parse
+                          parser.parse
+                        end
         # Use a parser type specific merger to concatenate the results
         Puppet::Parser::AST::Hostclass.new('', :code => Puppet::Parser::ParserFactory.code_merger.concatenate(parse_results))
       else

data/lib/puppet/pops/evaluator/deferred_resolver.rb

@@ -9,7 +9,13 @@ class DeferredValue
   end
 
   def resolve
-    @proc.call
+    val = @proc.call
+    # Deferred sensitive values will be marked as such in resolve_futures()
+    if val.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+      val.unwrap
+    else
+      val
+    end
   end
 end
 
@@ -87,8 +93,12 @@ class DeferredResolver
         #
         if resolved.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)
           resolved = resolved.unwrap
-          unless r.sensitive_parameters.include?(k.to_sym)
-            r.sensitive_parameters = (r.sensitive_parameters + [k.to_sym]).freeze
+          mark_sensitive_parameters(r, k)
+        # If the value is a DeferredValue and it has an argument of type PSensitiveType, mark it as sensitive
+        # The DeferredValue.resolve method will unwrap it during catalog application
+        elsif resolved.is_a?(Puppet::Pops::Evaluator::DeferredValue)
+          if v.arguments.any? {|arg| arg.is_a?(Puppet::Pops::Types::PSensitiveType)}
+            mark_sensitive_parameters(r, k)
           end
         end
         overrides[ k ] = resolved
@@ -97,6 +107,13 @@ class DeferredResolver
     end
   end
 
+  def mark_sensitive_parameters(r, k)
+    unless r.sensitive_parameters.include?(k.to_sym)
+      r.sensitive_parameters = (r.sensitive_parameters + [k.to_sym]).freeze
+    end
+  end
+  private :mark_sensitive_parameters
+
   def resolve(x)
     if x.class == @deferred_class
       resolve_future(x)

data/lib/puppet/pops/time/timespan.rb

@@ -633,7 +633,7 @@ module Time
         position = -1
         fstart = 0
 
-        str.codepoints do |codepoint|
+        str.each_codepoint do |codepoint|
           position += 1
           if state == STATE_LITERAL
             if codepoint == 0x25 # '%'

data/lib/puppet/provider/package/apt.rb

@@ -12,7 +12,7 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
     These options should be specified as an array where each element is either a
      string or a hash."
 
-  has_feature :versionable, :install_options, :virtual_packages
+  has_feature :versionable, :install_options, :virtual_packages, :version_ranges
 
   commands :aptget => "/usr/bin/apt-get"
   commands :aptcache => "/usr/bin/apt-cache"

data/lib/puppet/provider/package/dnf.rb

@@ -9,7 +9,7 @@ Puppet::Type.type(:package).provide :dnf, :parent => :yum do
   These options should be specified as an array where each element is either
    a string or a hash."
 
-  has_feature :install_options, :versionable, :virtual_packages, :install_only
+  has_feature :install_options, :versionable, :virtual_packages, :install_only, :version_ranges
 
   commands :cmd => "dnf", :rpm => "rpm"
 

data/lib/puppet/provider/package/yum.rb

@@ -15,7 +15,7 @@ Puppet::Type.type(:package).provide :yum, :parent => :rpm, :source => :rpm do
   This provider supports the `install_options` attribute, which allows command-line flags to be passed to yum.
   These options should be specified as an array where each element is either a string or a hash."
 
-  has_feature :install_options, :versionable, :virtual_packages, :install_only
+  has_feature :install_options, :versionable, :virtual_packages, :install_only, :version_ranges
 
   RPM_VERSION       = Puppet::Util::Package::Version::Rpm
   RPM_VERSION_RANGE = Puppet::Util::Package::Version::Range

data/lib/puppet/ssl/oids.rb

@@ -71,6 +71,7 @@ module Puppet::SSL::Oids
 
     ["1.3.6.1.4.1.34380.1.3.1",  'pp_authorization', 'Certificate Extension Authorization'],
     ["1.3.6.1.4.1.34380.1.3.13", 'pp_auth_role', 'Puppet Node Role Name for Authorization'],
+    ["1.3.6.1.4.1.34380.1.3.39", 'pp_cli_auth', 'Puppetserver CA CLI Authorization'],
   ]
 
   @did_register_puppet_oids = false

data/lib/puppet/util/execution.rb

@@ -222,8 +222,12 @@ module Puppet::Util::Execution
             # Use non-blocking read to check for data. After each attempt,
             # check whether the child is done. This is done in case the child
             # forks and inherits stdout, as happens in `foo &`.
-            
-            until results = Process.waitpid2(child_pid, Process::WNOHANG) #rubocop:disable Lint/AssignmentInCondition
+            # If we encounter EOF, though, then switch to a blocking wait for
+            # the child; after EOF, IO.select will never block and the loop
+            # below will use maximum CPU available.
+
+            wait_flags = Process::WNOHANG
+            until results = Process.waitpid2(child_pid, wait_flags) #rubocop:disable Lint/AssignmentInCondition
 
               # If not done, wait for data to read with a timeout
               # This timeout is selected to keep activity low while waiting on
@@ -234,6 +238,7 @@ module Puppet::Util::Execution
                 output << reader.read_nonblock(4096) if ready
               rescue Errno::EAGAIN
               rescue EOFError
+                wait_flags = 0
               end
             end
 

data/lib/puppet/util/windows/adsi.rb

@@ -175,6 +175,13 @@ module Puppet::Util::Windows::ADSI
         sids = []
         adsi_child_collection.each do |m|
           sids << Puppet::Util::Windows::SID.ads_to_principal(m)
+        rescue Puppet::Util::Windows::Error => e
+          case e.code
+          when Puppet::Util::Windows::SID::ERROR_TRUSTED_RELATIONSHIP_FAILURE, Puppet::Util::Windows::SID::ERROR_TRUSTED_DOMAIN_FAILURE
+            sids << Puppet::Util::Windows::SID.unresolved_principal(m.name, m.sid)
+          else
+            raise e
+          end
         end
 
         sids

data/lib/puppet/util/windows/sid.rb

@@ -6,8 +6,10 @@ module Puppet::Util::Windows
     extend FFI::Library
 
     # missing from Windows::Error
-    ERROR_NONE_MAPPED           = 1332
-    ERROR_INVALID_SID_STRUCTURE = 1337
+    ERROR_NONE_MAPPED                  = 1332
+    ERROR_INVALID_SID_STRUCTURE        = 1337
+    ERROR_TRUSTED_DOMAIN_FAILURE       = 1788
+    ERROR_TRUSTED_RELATIONSHIP_FAILURE = 1789
 
     # Well Known SIDs
     Null                        = 'S-1-0'

data/lib/puppet/version.rb

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '7.25.0'
+  PUPPETVERSION = '7.27.0'
 
   ##
   # version is a public API method intended to always provide a fast and

data/lib/puppet/x509/cert_provider.rb

@@ -346,13 +346,17 @@ class Puppet::X509::CertProvider
     OpenSSL::X509::Request.new(pem)
   end
 
-  private
-
+  # Return the path to the cert related object (key, CSR, cert, etc).
+  #
+  # @param base [String] base directory
+  # @param name [String] the name associated with the cert related object
   def to_path(base, name)
     raise _("Certname %{name} must not contain unprintable or non-ASCII characters") % { name: name.inspect } unless name =~ VALID_CERTNAME
     File.join(base, "#{name.downcase}.pem")
   end
 
+  private
+
   def permissions_for_setting(name)
     setting = Puppet.settings.setting(name)
     perm = { mode: setting.mode.to_i(8) }

data/man/man5/puppet.conf.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPETCONF" "5" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPETCONF" "5" "October 2023" "Puppet, Inc." "Puppet manual"
 \fBThis page is autogenerated; any changes will get overwritten\fR
 .
 .SH "Configuration settings"
@@ -945,7 +945,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
 The HTTP User\-Agent string to send when making network requests\.
 .
 .IP "\(bu" 4
-\fIDefault\fR: \fBPuppet/7\.25\.0 Ruby/2\.7\.5\-p203 (x86_64\-linux)\fR
+\fIDefault\fR: \fBPuppet/7\.27\.0 Ruby/2\.7\.5\-p203 (x86_64\-linux)\fR
 .
 .IP "" 0
 .

data/man/man8/puppet-agent.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-AGENT" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-AGENT" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-agent\fR \- The puppet agent daemon

data/man/man8/puppet-apply.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-APPLY" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-APPLY" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-apply\fR \- Apply Puppet manifests locally

data/man/man8/puppet-catalog.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CATALOG" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CATALOG" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.

data/man/man8/puppet-config.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CONFIG" "8" "May 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CONFIG" "8" "October 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.